Home Verkennen Help
Inloggen
lfs
/
lfs-book
2
0
Vork 0
Bestanden Issues Pull-aanvragen 0 Wiki
Bladeren bron

Add patch for tar re CVE-2006-0300, to fix ticket #1767.

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@7520 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Ken Moffat 19 jaren geleden
bovenliggende
58315ceb90
commit
3477776378
4 gewijzigde bestanden met toevoegingen van 16 en 0 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 3 0
      chapter01/changelog.xml
  2. 7 0
      chapter03/patches.xml
  3. 5 0
      chapter06/tar.xml
  4. 1 0
      patches.ent

+ 3 - 0
chapter01/changelog.xml
Bestand weergeven 

@@ -39,6 +39,9 @@
 
     <listitem>
 
       <para>April 14, 2006</para>
 
       <itemizedlist>
 
+	<listitem>
 
+	  <para>[ken] - Add security patch for tar to address CVE-2006-0300.</para>
 
+	</listitem>
 
         <listitem>
 
           <para>[archaic] - Upgraded to man-pages-2.29 and linux-2.6.16.5. No
 
           command changes.</para>

+ 7 - 0
chapter03/patches.xml
Bestand weergeven 

@@ -200,6 +200,13 @@
 
       </listitem>
 
     </varlistentry>
 
 
+    <varlistentry>
 
+      <term>Tar Security Fixes Patch - 4 KB:</term>
 
+      <listitem>
 
+        <para><ulink url="&patches-root;&tar-security_fixes-patch;"/></para>
 
+      </listitem>
 
+    </varlistentry>
 
+
 
     <varlistentry>
 
       <term>Texinfo Multibyte Fixes Patch - 1 KB:</term>
 
       <listitem>

+ 5 - 0
chapter06/tar.xml
Bestand weergeven 

@@ -54,6 +54,11 @@
 
 
 <screen><userinput>patch -Np1 -i ../&tar-sparse_fix-patch;</userinput></screen>
 
 
+    <para>Recent versions of tar are vulnerable to a buffer overflow from
 
+    specially crafted archives. The following patch addresses this:</para>
 
+
 
+<screen><userinput>patch -Np1 -i ../&tar-security_fixes-patch;</userinput></screen>
 
+
 
     <para>Prepare Tar for compilation:</para>
 
 
 <screen><userinput>./configure --prefix=/usr --bindir=/bin --libexecdir=/usr/sbin</userinput></screen>

+ 1 - 0
patches.ent
Bestand weergeven 

@@ -46,6 +46,7 @@
 
 
 <!ENTITY tar-gcc4_fix-patch "tar-&tar-version;-gcc4_fix_tests-1.patch">
 
 <!ENTITY tar-sparse_fix-patch "tar-&tar-version;-sparse_fix-1.patch">
 
+<!ENTITY tar-security_fixes-patch "tar-&tar-version;-security_fixes-1.patch">
 
 
 <!ENTITY texinfo-multibyte-patch "texinfo-&texinfo-version;-multibyte-1.patch">
 
 <!ENTITY texinfo-tempfile_fix-patch "texinfo-&texinfo-version;-tempfile_fix-2.patch">